HP-UX Directory Server 8.1 administrator guide
Table 8-3 Replication agreement attributes (continued)
| Object class or attribute | Description | Values |
| --- | --- | --- |
| nsds5replicabindmethod: type | The connection type for replication between the servers. The connection type defines how the supplier authenticates to the consumer. Leaving the bind method empty or setting it to SIMPLE means that the server uses basic password-based authentication. This requires the nsds5ReplicaBindDN and nsds5ReplicaCredentials attributes to give the bind information. The SSLCLIENTAUTH option uses a secure connection. This requires that the nsds5ReplicaTransportInfo attribute be set to SSL or TLS. For certificate-based authentication, the consumer server must also have a certificate mapping to map the subject DN in the supplier's certificate to the replication manager entry. Using SASL/GSSAPI requires that the nsds5ReplicaTransportInfo attribute is set to LDAP; Directory Server does not support using GSS-API over TLS/SSL. The supplier server must have a Kerberos keytab (as in “About the KDC server and keytabs”), and the consumer server must have a SASL mapping to map the supplier's principal to the real replication manager entry (as in “Configuring SASL identity mapping from the console”). The SASL/DIGEST-MD5 setting, like SIMPLE, uses password-based authentication and requires the nsds5ReplicaBindDN and nsds5ReplicaCredentials attributes to give the bind information. | SIMPLE, SSLCLIENTAUTH, SASL/GSSAPI, SASL/DIGEST-MD5 |
| nsds5replicabindcredentials: hash | Only for simple authentication. Stores the hashed password used with the bind DN given for simple authentication. | |
| nsds5replicaroot: suffix | Sets which subtree is replicated. | A root suffix associated with a database, because the entire database is replicated. For example: dc=example,dc=com |
| description: text | A text description of the replication agreement. | Any text string. It is advisable to make this a useful description, such as agreement between supplier1 and consumer1. |
| nsds5replicatedattributelist: '(objectclass=*)' $ EXCLUDE attributes | Optional. Sets which attributes will not be replicated. The filter must be set to "(objectclass=*)", and the attributes in the list are separated by a single space. | '(objectclass=*)' $ EXCLUDE userPassword manager cn |
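The bind-method and attribute-list constraints in this table can be checked mechanically before an agreement is loaded. The Python below is an added example, not code from the guide or from Directory Server: the sample entries, their DNs and the credential value are constructed, and it uses the nsds5ReplicaCredentials spelling from the bind-method description. Treating a missing nsds5ReplicaTransportInfo as LDAP is an assumption, and the warning about SIMPLE over plain LDAP goes beyond what the table states.

```python
import re
# Constructed sample agreements: DNs, bind DN and credential value are hypothetical.
SAMPLE_LDIF = """\
dn: cn=agmt1,cn=replica,cn=config
nsds5ReplicaBindMethod: SASL/GSSAPI
nsds5ReplicaTransportInfo: TLS

dn: cn=agmt2,cn=replica,cn=config
nsds5ReplicaBindMethod: SIMPLE
nsds5ReplicaTransportInfo: LDAP
nsds5ReplicaBindDN: cn=replication manager,cn=config
nsds5ReplicaCredentials: {DES}constructed-value
nsds5ReplicatedAttributeList: (objectclass=*) $ EXCLUDE userPassword  manager
"""
PASSWORD_METHODS = {"", "SIMPLE", "SASL/DIGEST-MD5"}
FRACTIONAL = re.compile(r"\(objectclass=\*\) \$ EXCLUDE \S+( \S+)*", re.I)

def parse_ldif(text):
    """Parse simple LDIF (no folding, no base64) into dicts keyed by lowercase attribute."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        entries.append({n.strip().lower(): v.strip() for n, _, v in pairs})
    return entries

def check_agreement(entry):
    """Return the constraints from the table that this agreement entry violates."""
    problems = []
    method = entry.get("nsds5replicabindmethod", "").upper()
    # Assumption: a missing transport attribute means plain LDAP.
    transport = entry.get("nsds5replicatransportinfo", "LDAP").upper()
    if method in PASSWORD_METHODS:
        for attr in ("nsds5replicabinddn", "nsds5replicacredentials"):
            if not entry.get(attr):
                problems.append(f"{method or 'SIMPLE'} requires {attr}")
        if method in ("", "SIMPLE") and transport == "LDAP":
            # Not stated in the table: a simple bind over plain LDAP is unencrypted.
            problems.append("SIMPLE bind over LDAP exposes the password on the wire")
    elif method == "SSLCLIENTAUTH" and transport not in ("SSL", "TLS"):
        problems.append("SSLCLIENTAUTH requires transport SSL or TLS")
    elif method == "SASL/GSSAPI" and transport != "LDAP":
        problems.append("SASL/GSSAPI requires transport LDAP")
    elif method not in ("SSLCLIENTAUTH", "SASL/GSSAPI"):
        problems.append(f"unknown bind method {method}")
    frac = entry.get("nsds5replicatedattributelist")
    if frac is not None and not FRACTIONAL.fullmatch(frac):
        problems.append("attribute list must be '(objectclass=*) $ EXCLUDE a b c'")
    return problems
```

Calling check_agreement on each entry from parse_ldif(SAMPLE_LDIF) reports the GSSAPI-over-TLS mismatch in the first agreement, and both the unencrypted SIMPLE bind and the double space in the attribute list in the second.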
370 Managing replication